Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Yoog Removal

Re: Yoog Removal

by smurphie » May 24th, 2009, 2:43 pm

ComboFix 09-05-23.04 - momma 05/24/2009 14:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.654 [GMT -4:00]
Running from: c:\documents and settings\momma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\momma\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA143
-------\Service_XDva143


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-18 16:11 . 2009-05-18 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 15:39 . 2009-05-18 15:39 57344 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-22dfa643-n\Decora-SSE.dll
2009-05-18 15:39 . 2009-05-18 15:39 24064 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-38aa17b0-n\Decora-D3D.dll
2009-05-18 15:39 . 2009-05-18 15:39 315392 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_awt.dll
2009-05-18 15:39 . 2009-05-18 15:39 114688 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_cg.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-1e47f442-n\gluegen-rt.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcp71.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\jmc.dll
2009-05-18 15:39 . 2009-05-18 15:39 348160 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcr71.dll
2009-05-18 15:38 . 2009-05-18 15:38 152576 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-17 19:50 . 2009-05-17 19:51 -------- d-----w C:\rsit
2009-05-15 18:06 . 2007-09-17 14:34 136528 ------w c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4397.2.4\radioupd.exe
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-05-15 17:35 . 2009-05-15 18:04 -------- d-----w c:\program files\AIM6
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w c:\program files\Trend Micro
2009-05-09 14:14 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-09 14:14 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-09 14:14 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-09 14:14 . 2009-05-18 16:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-09 14:14 . 2009-05-18 16:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-29 14:47 . 2009-04-29 14:47 565248 ----a-w c:\windows\system32\fyjiewajwvluo.dll
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 04:27 . 2009-02-11 04:43 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 20:34 . 2008-07-17 03:46 -------- d-----w c:\program files\MSECache
2009-05-22 20:13 . 2007-05-10 16:37 -------- d-----w c:\program files\Google
2009-05-18 16:21 . 2007-08-16 19:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 16:08 . 2007-06-13 21:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 15:48 . 2007-08-07 00:25 -------- d-----w c:\documents and settings\momma\Application Data\LimeWire
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 15:38 . 2007-05-10 16:29 -------- d-----w c:\program files\Java
2009-05-15 17:37 . 2007-05-10 16:35 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-15 17:37 . 2007-05-10 16:34 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-13 00:40 . 2007-10-12 01:25 -------- d-----w c:\program files\CCleaner
2009-05-10 16:11 . 2007-10-12 00:50 -------- d-----w c:\documents and settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 15:57 . 2008-05-19 05:28 -------- d-----w c:\documents and settings\All Users\Application Data\Outspark
2009-05-10 15:57 . 2008-05-19 05:20 -------- d-----w c:\program files\Outspark
2009-05-09 21:58 . 2008-11-05 14:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-08 20:31 . 2007-08-16 17:16 -------- d-----w c:\documents and settings\momma\Application Data\Apple Computer
2009-05-06 14:51 . 2007-09-10 21:18 1842 ----a-w c:\documents and settings\momma\Application Data\wklnhst.dat
2009-04-27 12:33 . 2008-05-11 01:00 710 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2009-04-22 16:28 . 2009-04-22 16:28 1915520 ----a-w c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\program files\NOS
2009-04-21 13:23 . 2009-04-21 13:23 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-21 13:22 . 2007-06-30 05:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 01:08 . 2009-04-17 01:08 -------- d-----w c:\program files\AML Products
2009-04-15 04:16 . 2008-05-30 02:21 -------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-04-15 00:12 . 2009-04-15 00:12 0 ---ha-w c:\documents and settings\Guest\hpothb07.dat
2009-04-07 02:03 . 2009-04-07 02:02 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 02:03 . 2009-03-26 18:47 -------- d-----w c:\program files\iTunes
2009-04-07 02:02 . 2009-04-07 02:02 -------- d-----w c:\program files\iPod
2009-04-07 02:02 . 2007-08-16 17:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:56 . 2009-04-07 01:56 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\program files\Safari
2009-04-01 20:05 . 2008-08-21 23:26 -------- d-----w c:\documents and settings\Guest\Application Data\OpenOffice.org2
2009-04-01 16:42 . 2008-07-08 14:22 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-01 16:35 . 2008-09-25 10:46 -------- d-----w c:\documents and settings\momma\Application Data\OpenOffice.org2
2009-04-01 16:14 . 2009-04-01 16:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-28 13:25 . 2007-06-15 21:04 -------- d-----w c:\program files\Apple Software Update
2009-03-26 18:47 . 2009-03-26 18:47 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-26 18:46 . 2009-03-26 18:46 -------- d-----w c:\program files\Bonjour
2009-03-26 18:45 . 2009-03-26 18:45 -------- d-----w c:\program files\QuickTime
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-26 18:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-09-23 14:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
.

------- Sigcheck -------

[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-11-28 20:35 507904 3969440BA384D35317DBBDEEAAE641CE c:\windows\system32\winlogon.exe

[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-11-28 20:35 295424 63999D0ABD8DABFD76A9C07F6E104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-18_17.05.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 18:23 . 2009-05-24 18:23 16384 c:\windows\temp\Perflib_Perfdata_6c4.dat
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2009-05-23 20:35 . 2009-05-23 20:35 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2009-05-23 20:37 . 2009-05-23 20:37 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2003-07-15 02:57 . 2003-07-15 02:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
+ 2009-05-23 20:35 . 2009-05-23 20:35 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-05-03 16:09 . 2005-05-03 16:09 6864584 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
+ 2005-04-22 02:57 . 2005-04-22 02:57 12235968 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSO.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-05-10 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/9/2009 10:14 AM 130424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2007 6:47 PM 24652]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 12:44 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 20:03]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
FF - ProfilePath - c:\documents and settings\momma\Application Data\Mozilla\Firefox\Profiles\8dllqohr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 14:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2540)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\searchindexer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
.
**************************************************************************
.
Completion time: 2009-05-24 14:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 18:31
ComboFix2.txt 2009-05-18 17:07

Pre-Run: 99,222,155,264 bytes free
Post-Run: 99,222,233,088 bytes free

230 --- E O F --- 2009-05-13 07:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:19 PM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7549 bytes
Ok.... Does it seem we are making progress?? I do appreciate your help.
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

by turtledove » May 25th, 2009, 3:49 am

Hello smurphie,
Thanks for the log. Yes, we are making progress.

Open notepad and copy/paste the text in the quotebox below into it:

viewtopic.php?f=11&t=42715

Collect::
c:\windows\system32\fyjiewajwvluo.dll

Suspect::
c:\windows\system32\nsn1EB.dll

Folder::
c:\documents and settings\momma\Application Data\LimeWire


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Post:
ComboFix.txt
New HijackThis Log
Any new problems?

Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

by smurphie » May 25th, 2009, 5:58 pm

Hi! I do have some issues w/Outlook & get an error code upon reboot. If you can help w/those once we finish this, that would be great!!


ComboFix 09-05-25.03 - momma 05/25/2009 17:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.297 [GMT -4:00]
Running from: c:\documents and settings\momma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\momma\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090525-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

file zipped: c:\windows\system32\fyjiewajwvluo.dll
file zipped: c:\windows\system32\Suspect_nsn1EB.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\momma\Application Data\LimeWire
c:\documents and settings\momma\Application Data\LimeWire\412splashfree.png
c:\documents and settings\momma\Application Data\LimeWire\414splashfree.png
c:\documents and settings\momma\Application Data\LimeWire\active.mojito
c:\documents and settings\momma\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\momma\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\momma\Application Data\LimeWire\bugs.data
c:\documents and settings\momma\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\momma\Application Data\LimeWire\createtimes.cache
c:\documents and settings\momma\Application Data\LimeWire\data.ser
c:\documents and settings\momma\Application Data\LimeWire\downloads.dat
c:\documents and settings\momma\Application Data\LimeWire\fileurns.bak
c:\documents and settings\momma\Application Data\LimeWire\fileurns.cache
c:\documents and settings\momma\Application Data\LimeWire\filters.props
c:\documents and settings\momma\Application Data\LimeWire\gnutella.net
c:\documents and settings\momma\Application Data\LimeWire\installation.props
c:\documents and settings\momma\Application Data\LimeWire\library.dat
c:\documents and settings\momma\Application Data\LimeWire\library5.dat
c:\documents and settings\momma\Application Data\LimeWire\limewire.props
c:\documents and settings\momma\Application Data\LimeWire\mojito.props
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\7A2D9D1Ed01
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A98d01
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\momma\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\momma\Application Data\LimeWire\passive.mojito
c:\documents and settings\momma\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\momma\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\momma\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\momma\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\momma\Application Data\LimeWire\pub1.key
c:\documents and settings\momma\Application Data\LimeWire\public.key
c:\documents and settings\momma\Application Data\LimeWire\questions.props
c:\documents and settings\momma\Application Data\LimeWire\responses.cache
c:\documents and settings\momma\Application Data\LimeWire\secureMessage.key
c:\documents and settings\momma\Application Data\LimeWire\simpp.xml
c:\documents and settings\momma\Application Data\LimeWire\spam.dat
c:\documents and settings\momma\Application Data\LimeWire\tables.props
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\momma\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\momma\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\momma\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\momma\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\momma\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\momma\Application Data\LimeWire\ttdata.cache
c:\documents and settings\momma\Application Data\LimeWire\ttree.cache
c:\documents and settings\momma\Application Data\LimeWire\ttrees.cache
c:\documents and settings\momma\Application Data\LimeWire\ttroot.cache
c:\documents and settings\momma\Application Data\LimeWire\version.key
c:\documents and settings\momma\Application Data\LimeWire\version.xml
c:\documents and settings\momma\Application Data\LimeWire\versions.props
c:\documents and settings\momma\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\momma\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\momma\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\momma\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\momma\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\momma\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\momma\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\momma\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\momma\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\momma\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\momma\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\momma\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\momma\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\momma\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\momma\Application Data\LimeWire\xml\schemas\video.xsd
c:\windows\system32\fyjiewajwvluo.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.

2009-05-25 19:28 . 2009-05-25 19:28 -------- d-----w c:\documents and settings\Guest\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 20:06 -------- d-----w c:\documents and settings\All Users\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 19:39 -------- d-----w c:\documents and settings\momma\Application Data\OnlineArmor
2009-05-24 18:41 . 2009-05-24 18:41 -------- d-----w c:\program files\Tall Emu
2009-05-24 18:41 . 2009-04-28 09:38 29776 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-05-24 18:41 . 2009-04-28 09:02 31824 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-05-24 18:41 . 2009-04-28 09:01 198224 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-05-24 18:39 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-24 18:39 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-24 18:39 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-24 18:39 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-24 18:39 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-24 18:39 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-24 18:39 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-24 18:39 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-24 18:38 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-24 18:38 . 2009-05-24 18:38 -------- d-----w c:\program files\Alwil Software
2009-05-18 16:11 . 2009-05-18 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 15:39 . 2009-05-18 15:39 57344 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-22dfa643-n\Decora-SSE.dll
2009-05-18 15:39 . 2009-05-18 15:39 24064 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-38aa17b0-n\Decora-D3D.dll
2009-05-18 15:39 . 2009-05-18 15:39 315392 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_awt.dll
2009-05-18 15:39 . 2009-05-18 15:39 114688 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_cg.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-1e47f442-n\gluegen-rt.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcp71.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\jmc.dll
2009-05-18 15:39 . 2009-05-18 15:39 348160 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcr71.dll
2009-05-18 15:38 . 2009-05-18 15:38 152576 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-17 19:50 . 2009-05-17 19:51 -------- d-----w C:\rsit
2009-05-15 18:06 . 2007-09-17 14:34 136528 ------w c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4397.2.4\radioupd.exe
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-05-15 17:35 . 2009-05-15 18:04 -------- d-----w c:\program files\AIM6
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w c:\program files\Trend Micro
2009-05-09 14:14 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-09 14:14 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-09 14:14 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-09 14:14 . 2009-05-18 16:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-09 14:14 . 2009-05-18 16:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 05:28 . 2009-02-11 04:43 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 20:34 . 2008-07-17 03:46 -------- d-----w c:\program files\MSECache
2009-05-22 20:13 . 2007-05-10 16:37 -------- d-----w c:\program files\Google
2009-05-18 16:21 . 2007-08-16 19:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 16:08 . 2007-06-13 21:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 15:38 . 2007-05-10 16:29 -------- d-----w c:\program files\Java
2009-05-15 17:37 . 2007-05-10 16:35 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-15 17:37 . 2007-05-10 16:34 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-13 00:40 . 2007-10-12 01:25 -------- d-----w c:\program files\CCleaner
2009-05-10 16:11 . 2007-10-12 00:50 -------- d-----w c:\documents and settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 15:57 . 2008-05-19 05:28 -------- d-----w c:\documents and settings\All Users\Application Data\Outspark
2009-05-10 15:57 . 2008-05-19 05:20 -------- d-----w c:\program files\Outspark
2009-05-09 21:58 . 2008-11-05 14:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-08 20:31 . 2007-08-16 17:16 -------- d-----w c:\documents and settings\momma\Application Data\Apple Computer
2009-05-06 14:51 . 2007-09-10 21:18 1842 ----a-w c:\documents and settings\momma\Application Data\wklnhst.dat
2009-04-27 12:33 . 2008-05-11 01:00 710 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2009-04-22 16:28 . 2009-04-22 16:28 1915520 ----a-w c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\program files\NOS
2009-04-21 13:23 . 2009-04-21 13:23 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-21 13:22 . 2007-06-30 05:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 01:08 . 2009-04-17 01:08 -------- d-----w c:\program files\AML Products
2009-04-15 04:16 . 2008-05-30 02:21 -------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-04-15 00:12 . 2009-04-15 00:12 0 ---ha-w c:\documents and settings\Guest\hpothb07.dat
2009-04-07 02:03 . 2009-04-07 02:02 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 02:03 . 2009-03-26 18:47 -------- d-----w c:\program files\iTunes
2009-04-07 02:02 . 2009-04-07 02:02 -------- d-----w c:\program files\iPod
2009-04-07 02:02 . 2007-08-16 17:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:56 . 2009-04-07 01:56 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\program files\Safari
2009-04-01 20:05 . 2008-08-21 23:26 -------- d-----w c:\documents and settings\Guest\Application Data\OpenOffice.org2
2009-04-01 16:42 . 2008-07-08 14:22 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-01 16:35 . 2008-09-25 10:46 -------- d-----w c:\documents and settings\momma\Application Data\OpenOffice.org2
2009-04-01 16:14 . 2009-04-01 16:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-28 13:25 . 2007-06-15 21:04 -------- d-----w c:\program files\Apple Software Update
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-26 18:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-09-23 14:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
.

------- Sigcheck -------

[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-11-28 20:35 507904 3969440BA384D35317DBBDEEAAE641CE c:\windows\system32\winlogon.exe

[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-11-28 20:35 295424 63999D0ABD8DABFD76A9C07F6E104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-18_17.05.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 19:57 . 2009-05-24 19:57 16384 c:\windows\temp\Perflib_Perfdata_790.dat
+ 2009-05-24 19:57 . 2009-05-24 19:57 16384 c:\windows\temp\Perflib_Perfdata_4fc.dat
+ 2004-08-10 17:51 . 2009-05-24 18:41 67838 c:\windows\system32\perfc009.dat
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2009-05-23 20:35 . 2009-05-23 20:35 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2009-05-23 20:37 . 2009-05-23 20:37 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2003-07-15 02:57 . 2003-07-15 02:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
+ 2004-08-10 17:51 . 2009-05-24 18:41 417164 c:\windows\system32\perfh009.dat
+ 2009-05-23 20:35 . 2009-05-23 20:35 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-05-03 16:09 . 2005-05-03 16:09 6864584 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
+ 2005-04-22 02:57 . 2005-04-22 02:57 12235968 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSO.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-05-10 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\OAui.exe" [2009-04-28 2045128]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/9/2009 10:14 AM 130424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/24/2009 2:39 PM 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/24/2009 2:41 PM 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/24/2009 2:41 PM 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/24/2009 2:41 PM 29776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2009 2:39 PM 20560]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [5/24/2009 2:41 PM 361672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2007 6:47 PM 24652]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 12:44 AM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [5/24/2009 2:41 PM 3052744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 20:03]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
FF - ProfilePath - c:\documents and settings\momma\Application Data\Mozilla\Firefox\Profiles\8dllqohr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 17:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(416)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(3888)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(4176)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-05-25 17:44
ComboFix-quarantined-files.txt 2009-05-25 21:44
ComboFix2.txt 2009-05-24 18:31
ComboFix3.txt 2009-05-18 17:07

Pre-Run: 99,048,865,792 bytes free
Post-Run: 99,051,859,968 bytes free

760 --- E O F --- 2009-05-13 07:02
Upload was successful



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:22 PM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\OAui.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [Aim6] (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
O4 - S-1-5-21-1450584279-1723378454-3865011881-501 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Guest')
O4 - S-1-5-21-1450584279-1723378454-3865011881-501 User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Guest')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9659 bytes
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby turtledove » May 26th, 2009, 11:00 am

Hello smurphie,

Thank you for the log. Can you post the error code you get, or describe the details of the rebooting problem? Please also describe the details of the problems with Outlook.


Step 1

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\nsn1EB.dll
c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll




Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


[Image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


**Restart your AV/Firewall**
Step 2
Post:
Error results
Outlook issues
ComboFix.txt

Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Unread postby smurphie » May 26th, 2009, 7:12 pm

We didn't need a HijackThis log today? Anyway, here you go. I rebooted & the error message is gone. I guess something we've already done fixed it. Outlook is constantly trying to compact files & when I click "ok" it starts, but it never finishes, then the next time I open it, it keeps asking again. If I say "cancel" it will pop back up in a minute or so & keep on the whole time I have it open.

Here is the ComboFix log.
Thanks,
Kathy


ComboFix 09-05-26.02 - momma 05/26/2009 19:04.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.601 [GMT -4:00]
Running from: c:\documents and settings\momma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\momma\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090526-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-25 19:28 . 2009-05-25 19:28 -------- d-----w c:\documents and settings\Guest\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 20:06 -------- d-----w c:\documents and settings\All Users\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 19:39 -------- d-----w c:\documents and settings\momma\Application Data\OnlineArmor
2009-05-24 18:41 . 2009-05-24 18:41 -------- d-----w c:\program files\Tall Emu
2009-05-24 18:41 . 2009-04-28 09:38 29776 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-05-24 18:41 . 2009-04-28 09:02 31824 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-05-24 18:41 . 2009-04-28 09:01 198224 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-05-24 18:39 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-24 18:39 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-24 18:39 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-24 18:39 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-24 18:39 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-24 18:39 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-24 18:39 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-24 18:39 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-24 18:38 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-24 18:38 . 2009-05-24 18:38 -------- d-----w c:\program files\Alwil Software
2009-05-18 16:11 . 2009-05-18 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 15:39 . 2009-05-18 15:39 57344 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-22dfa643-n\Decora-SSE.dll
2009-05-18 15:39 . 2009-05-18 15:39 24064 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-38aa17b0-n\Decora-D3D.dll
2009-05-18 15:39 . 2009-05-18 15:39 315392 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_awt.dll
2009-05-18 15:39 . 2009-05-18 15:39 114688 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_cg.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-1e47f442-n\gluegen-rt.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcp71.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\jmc.dll
2009-05-18 15:39 . 2009-05-18 15:39 348160 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcr71.dll
2009-05-18 15:38 . 2009-05-18 15:38 152576 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-17 19:50 . 2009-05-17 19:51 -------- d-----w C:\rsit
2009-05-15 18:06 . 2007-09-17 14:34 136528 ------w c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4397.2.4\radioupd.exe
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-05-15 17:35 . 2009-05-15 18:04 -------- d-----w c:\program files\AIM6
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w c:\program files\Trend Micro
2009-05-09 14:14 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-09 14:14 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-09 14:14 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-09 14:14 . 2009-05-18 16:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-09 14:14 . 2009-05-18 16:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 06:29 . 2009-02-11 04:43 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 20:34 . 2008-07-17 03:46 -------- d-----w c:\program files\MSECache
2009-05-22 20:13 . 2007-05-10 16:37 -------- d-----w c:\program files\Google
2009-05-18 16:21 . 2007-08-16 19:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 16:08 . 2007-06-13 21:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 15:38 . 2007-05-10 16:29 -------- d-----w c:\program files\Java
2009-05-15 17:37 . 2007-05-10 16:35 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-15 17:37 . 2007-05-10 16:34 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-13 00:40 . 2007-10-12 01:25 -------- d-----w c:\program files\CCleaner
2009-05-10 16:11 . 2007-10-12 00:50 -------- d-----w c:\documents and settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 15:57 . 2008-05-19 05:28 -------- d-----w c:\documents and settings\All Users\Application Data\Outspark
2009-05-10 15:57 . 2008-05-19 05:20 -------- d-----w c:\program files\Outspark
2009-05-09 21:58 . 2008-11-05 14:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-08 20:31 . 2007-08-16 17:16 -------- d-----w c:\documents and settings\momma\Application Data\Apple Computer
2009-05-06 14:51 . 2007-09-10 21:18 1842 ----a-w c:\documents and settings\momma\Application Data\wklnhst.dat
2009-04-27 12:33 . 2008-05-11 01:00 710 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2009-04-22 16:28 . 2009-04-22 16:28 1915520 ----a-w c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\program files\NOS
2009-04-21 13:23 . 2009-04-21 13:23 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-21 13:22 . 2007-06-30 05:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 01:08 . 2009-04-17 01:08 -------- d-----w c:\program files\AML Products
2009-04-15 04:16 . 2008-05-30 02:21 -------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-04-15 00:12 . 2009-04-15 00:12 0 ---ha-w c:\documents and settings\Guest\hpothb07.dat
2009-04-07 02:03 . 2009-04-07 02:02 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 02:03 . 2009-03-26 18:47 -------- d-----w c:\program files\iTunes
2009-04-07 02:02 . 2009-04-07 02:02 -------- d-----w c:\program files\iPod
2009-04-07 02:02 . 2007-08-16 17:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:56 . 2009-04-07 01:56 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\program files\Safari
2009-04-01 20:05 . 2008-08-21 23:26 -------- d-----w c:\documents and settings\Guest\Application Data\OpenOffice.org2
2009-04-01 16:42 . 2008-07-08 14:22 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-01 16:35 . 2008-09-25 10:46 -------- d-----w c:\documents and settings\momma\Application Data\OpenOffice.org2
2009-04-01 16:14 . 2009-04-01 16:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-28 13:25 . 2007-06-15 21:04 -------- d-----w c:\program files\Apple Software Update
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-26 18:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-09-23 14:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
.

------- Sigcheck -------

[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-11-28 20:35 507904 3969440BA384D35317DBBDEEAAE641CE c:\windows\system32\winlogon.exe

[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-11-28 20:35 295424 63999D0ABD8DABFD76A9C07F6E104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-18_17.05.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-26 22:59 . 2009-05-26 22:59 16384 c:\windows\temp\Perflib_Perfdata_504.dat
+ 2009-05-26 23:00 . 2009-05-26 23:00 16384 c:\windows\temp\Perflib_Perfdata_180.dat
+ 2004-08-10 17:51 . 2009-05-24 18:41 67838 c:\windows\system32\perfc009.dat
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2009-05-23 20:35 . 2009-05-23 20:35 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2009-05-23 20:37 . 2009-05-23 20:37 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2003-07-15 02:57 . 2003-07-15 02:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
+ 2004-08-10 17:51 . 2009-05-24 18:41 417164 c:\windows\system32\perfh009.dat
+ 2009-05-23 20:35 . 2009-05-23 20:35 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-05-03 16:09 . 2005-05-03 16:09 6864584 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
+ 2005-04-22 02:57 . 2005-04-22 02:57 12235968 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSO.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-05-10 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-28 2045128]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/9/2009 10:14 AM 130424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/24/2009 2:39 PM 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/24/2009 2:41 PM 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/24/2009 2:41 PM 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/24/2009 2:41 PM 29776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2009 2:39 PM 20560]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [5/24/2009 2:41 PM 361672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2007 6:47 PM 24652]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 12:44 AM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [5/24/2009 2:41 PM 3052744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 20:03]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
FF - ProfilePath - c:\documents and settings\momma\Application Data\Mozilla\Firefox\Profiles\8dllqohr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 19:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2900)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll
c:\windows\System32\DLA\DLASHX_W.DLL
c:\windows\system32\DLAAPI_W.DLL
c:\windows\System32\DLA\DLACResW.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-05-26 19:08
ComboFix-quarantined-files.txt 2009-05-26 23:08
ComboFix2.txt 2009-05-25 21:44
ComboFix3.txt 2009-05-24 18:31
ComboFix4.txt 2009-05-18 17:07

Pre-Run: 97,738,432,512 bytes free
Post-Run: 97,721,987,072 bytes free

238 --- E O F --- 2009-05-13 07:02
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby turtledove » May 27th, 2009, 3:18 am

Hello smurphie,

We need to try again on those files.
Please Copy/Print out the instructions for easy reference.

Step 1
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.



Step 2

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs and the firewall so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\nsn1EB.dll
c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe




Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


[Image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


**Be sure antivirus and firewall are turned on**

Step 3
Please run and save a new HijackThis Scan


Post
GooredFix results
New Combofix.txt
A New HijackThis log
Any other issues
* May require 2 separate posts to get all information posted
Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Unread postby smurphie » May 27th, 2009, 8:12 pm

GooredFix v1.92 by jpshortstuff
Log created at 20:11 on 27/05/2009 running Option #1 (momma)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby turtledove » May 28th, 2009, 12:58 am

Hello smurphie,

Please post the new Combofix.txt and the new HijackThis log as described in my last instructions.
I need you to post these to see how we need to proceed next.
Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Unread postby smurphie » May 28th, 2009, 11:15 am

ComboFix 09-05-26.05 - momma 05/28/2009 11:08.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.404 [GMT -4:00]
Running from: c:\documents and settings\momma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\momma\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090527-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-25 19:28 . 2009-05-25 19:28 -------- d-----w c:\documents and settings\Guest\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 20:06 -------- d-----w c:\documents and settings\All Users\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 19:39 -------- d-----w c:\documents and settings\momma\Application Data\OnlineArmor
2009-05-24 18:41 . 2009-05-24 18:41 -------- d-----w c:\program files\Tall Emu
2009-05-24 18:41 . 2009-04-28 09:38 29776 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-05-24 18:41 . 2009-04-28 09:02 31824 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-05-24 18:41 . 2009-04-28 09:01 198224 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-05-24 18:39 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-24 18:39 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-24 18:39 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-24 18:39 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-24 18:39 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-24 18:39 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-24 18:39 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-24 18:39 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-24 18:38 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-24 18:38 . 2009-05-24 18:38 -------- d-----w c:\program files\Alwil Software
2009-05-18 16:11 . 2009-05-18 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 15:39 . 2009-05-18 15:39 57344 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-22dfa643-n\Decora-SSE.dll
2009-05-18 15:39 . 2009-05-18 15:39 24064 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-38aa17b0-n\Decora-D3D.dll
2009-05-18 15:39 . 2009-05-18 15:39 315392 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_awt.dll
2009-05-18 15:39 . 2009-05-18 15:39 114688 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_cg.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-1e47f442-n\gluegen-rt.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcp71.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\jmc.dll
2009-05-18 15:39 . 2009-05-18 15:39 348160 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcr71.dll
2009-05-18 15:38 . 2009-05-18 15:38 152576 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-17 19:50 . 2009-05-17 19:51 -------- d-----w C:\rsit
2009-05-15 18:06 . 2007-09-17 14:34 136528 ------w c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4397.2.4\radioupd.exe
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-05-15 17:35 . 2009-05-15 18:04 -------- d-----w c:\program files\AIM6
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w c:\program files\Trend Micro
2009-05-09 14:14 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-09 14:14 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-09 14:14 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-09 14:14 . 2009-05-18 16:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-09 14:14 . 2009-05-18 16:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 07:30 . 2009-02-11 04:43 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 20:34 . 2008-07-17 03:46 -------- d-----w c:\program files\MSECache
2009-05-22 20:13 . 2007-05-10 16:37 -------- d-----w c:\program files\Google
2009-05-18 16:21 . 2007-08-16 19:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 16:08 . 2007-06-13 21:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 15:38 . 2007-05-10 16:29 -------- d-----w c:\program files\Java
2009-05-15 17:37 . 2007-05-10 16:35 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-15 17:37 . 2007-05-10 16:34 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-13 00:40 . 2007-10-12 01:25 -------- d-----w c:\program files\CCleaner
2009-05-10 16:11 . 2007-10-12 00:50 -------- d-----w c:\documents and settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 15:57 . 2008-05-19 05:28 -------- d-----w c:\documents and settings\All Users\Application Data\Outspark
2009-05-10 15:57 . 2008-05-19 05:20 -------- d-----w c:\program files\Outspark
2009-05-09 21:58 . 2008-11-05 14:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-08 20:31 . 2007-08-16 17:16 -------- d-----w c:\documents and settings\momma\Application Data\Apple Computer
2009-05-06 14:51 . 2007-09-10 21:18 1842 ----a-w c:\documents and settings\momma\Application Data\wklnhst.dat
2009-04-27 12:33 . 2008-05-11 01:00 710 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2009-04-22 16:28 . 2009-04-22 16:28 1915520 ----a-w c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\program files\NOS
2009-04-21 13:23 . 2009-04-21 13:23 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-21 13:22 . 2007-06-30 05:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 01:08 . 2009-04-17 01:08 -------- d-----w c:\program files\AML Products
2009-04-15 04:16 . 2008-05-30 02:21 -------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-04-15 00:12 . 2009-04-15 00:12 0 ---ha-w c:\documents and settings\Guest\hpothb07.dat
2009-04-07 02:03 . 2009-04-07 02:02 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 02:03 . 2009-03-26 18:47 -------- d-----w c:\program files\iTunes
2009-04-07 02:02 . 2009-04-07 02:02 -------- d-----w c:\program files\iPod
2009-04-07 02:02 . 2007-08-16 17:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:56 . 2009-04-07 01:56 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\program files\Safari
2009-04-01 20:05 . 2008-08-21 23:26 -------- d-----w c:\documents and settings\Guest\Application Data\OpenOffice.org2
2009-04-01 16:42 . 2008-07-08 14:22 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-01 16:35 . 2008-09-25 10:46 -------- d-----w c:\documents and settings\momma\Application Data\OpenOffice.org2
2009-04-01 16:14 . 2009-04-01 16:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-26 18:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-09-23 14:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
.

------- Sigcheck -------

[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-11-28 20:35 507904 3969440BA384D35317DBBDEEAAE641CE c:\windows\system32\winlogon.exe

[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-11-28 20:35 295424 63999D0ABD8DABFD76A9C07F6E104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-18_17.05.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-26 22:59 . 2009-05-26 22:59 16384 c:\windows\temp\Perflib_Perfdata_504.dat
+ 2009-05-26 23:00 . 2009-05-26 23:00 16384 c:\windows\temp\Perflib_Perfdata_180.dat
+ 2004-08-10 17:51 . 2009-05-24 18:41 67838 c:\windows\system32\perfc009.dat
+ 2007-06-12 05:57 . 2009-05-27 07:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-12 05:57 . 2009-05-10 15:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-12 05:57 . 2009-05-27 07:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-06-12 05:57 . 2009-05-10 15:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-12 05:57 . 2009-05-27 07:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-06-12 05:57 . 2009-05-10 15:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2009-05-23 20:35 . 2009-05-23 20:35 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2009-05-23 20:37 . 2009-05-23 20:37 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2003-07-15 02:57 . 2003-07-15 02:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
+ 2004-08-10 17:51 . 2009-05-24 18:41 417164 c:\windows\system32\perfh009.dat
+ 2009-05-23 20:35 . 2009-05-23 20:35 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-05-03 16:09 . 2005-05-03 16:09 6864584 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
+ 2005-04-22 02:57 . 2005-04-22 02:57 12235968 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSO.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-05-10 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-28 2045128]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/9/2009 10:14 AM 130424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/24/2009 2:39 PM 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/24/2009 2:41 PM 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/24/2009 2:41 PM 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/24/2009 2:41 PM 29776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2009 2:39 PM 20560]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [5/24/2009 2:41 PM 361672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2007 6:47 PM 24652]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 12:44 AM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [5/24/2009 2:41 PM 3052744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 20:03]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
FF - ProfilePath - c:\documents and settings\momma\Application Data\Mozilla\Firefox\Profiles\8dllqohr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 11:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(416)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(2676)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2256)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(4092)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-28 11:11
ComboFix-quarantined-files.txt 2009-05-28 15:11
ComboFix2.txt 2009-05-28 00:20
ComboFix3.txt 2009-05-26 23:08
ComboFix4.txt 2009-05-25 21:44
ComboFix5.txt 2009-05-28 00:46

Pre-Run: 97,667,198,976 bytes free
Post-Run: 97,644,888,064 bytes free

252 --- E O F --- 2009-05-13 07:02


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:28 AM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [Aim6] (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Stud')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9097 bytes
Sorry about the delay. Something came up yesterday. Here is the rest of what you needed.

I'm still getting crazy "compact Outlook" requests. Seems like more when the AV & FW are off, but I'm not sure.
Thanks
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm
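The CFScript step in turtledove's instructions above names two files for ComboFix to delete, and the new ComboFix log in this post still lists both of them (c:\windows\system32\nsn1EB.dll under "Files Created", fpupdateax.exe under "Find3M Report"), which is the same signal the helper reads when asking to "try again on those files". The Python script below is an added example, not code from this thread or from ComboFix itself: it parses the File:: section of a CFScript.txt and the file-listing lines of a ComboFix log, and reports which CFScript targets the later log still shows. The embedded CFScript is the one from the instructions above; the embedded log is a constructed sample made of a few lines from the log in this post. Matching is case-insensitive because NTFS paths are.

```python
"""Cross-check a ComboFix CFScript against a later ComboFix log.

Added example (not part of the thread or of ComboFix). It reads the paths
under the ``File::`` directive of a CFScript and reports which of them still
appear in the "Files Created" / "Find3M Report" listings of a ComboFix log
produced after the script was run, i.e. which deletions did not take.
"""
import re

# CFScript contents exactly as given in the helper's instructions above.
CFSCRIPT = """File::
c:\\windows\\system32\\nsn1EB.dll
c:\\documents and settings\\Guest\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\fpupdateax\\fpupdateax.exe
"""

# Constructed sample: a handful of lines taken from the ComboFix log posted above.
COMBOFIX_LOG = """\
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-24 18:38 . 2009-05-24 18:38 -------- d-----w c:\\program files\\Alwil Software
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\\windows\\system32\\nsn1EB.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\\windows\\system32\\deploytk.dll
2009-04-22 16:28 . 2009-04-22 16:28 1915520 ----a-w c:\\documents and settings\\Guest\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\fpupdateax\\fpupdateax.exe
.
"""

# One file-listing line: "<created> . <modified> <size or --------> <attrs> <path>"
# Directories carry "--------" in the size column instead of a byte count.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)


def parse_cfscript_files(text):
    """Return the paths listed under a CFScript ``File::`` directive, in order."""
    files = []
    in_file_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Any "Name::" line starts a new directive (File::, Folder::, Registry:: ...);
        # only the File:: block is collected here.
        if line.endswith("::"):
            in_file_section = line.lower() == "file::"
            continue
        if in_file_section:
            files.append(line)
    return files


def parse_combofix_entries(text):
    """Return {lowercased path: entry dict} for every file-listing line in the log."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["size"].startswith("-")
            entries[entry["path"].lower()] = entry
    return entries


def still_present(cfscript_text, log_text):
    """Paths named in the CFScript that the later log still lists (case-insensitive)."""
    listed = parse_combofix_entries(log_text)
    return [p for p in parse_cfscript_files(cfscript_text) if p.lower() in listed]


if __name__ == "__main__":
    for path in still_present(CFSCRIPT, COMBOFIX_LOG):
        print("still listed after fix:", path)
```

Run against the sample, the script reports both CFScript targets as still listed, matching what the full log above shows; an empty result would be the confirmation the helper is looking for before moving on to the HijackThis review.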

Re: Yoog Removal

Unread postby smurphie » May 28th, 2009, 11:15 am

ComboFix 09-05-26.05 - momma 05/28/2009 11:08.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.404 [GMT -4:00]
Running from: c:\documents and settings\momma\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\momma\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090527-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-25 19:28 . 2009-05-25 19:28 -------- d-----w c:\documents and settings\Guest\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 20:06 -------- d-----w c:\documents and settings\All Users\Application Data\OnlineArmor
2009-05-24 19:39 . 2009-05-24 19:39 -------- d-----w c:\documents and settings\momma\Application Data\OnlineArmor
2009-05-24 18:41 . 2009-05-24 18:41 -------- d-----w c:\program files\Tall Emu
2009-05-24 18:41 . 2009-04-28 09:38 29776 ----a-w c:\windows\system32\drivers\OAnet.sys
2009-05-24 18:41 . 2009-04-28 09:02 31824 ----a-w c:\windows\system32\drivers\OAmon.sys
2009-05-24 18:41 . 2009-04-28 09:01 198224 ----a-w c:\windows\system32\drivers\OADriver.sys
2009-05-24 18:39 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-24 18:39 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-24 18:39 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-24 18:39 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-24 18:39 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-24 18:39 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-24 18:39 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-24 18:39 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-24 18:38 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-24 18:38 . 2009-05-24 18:38 -------- d-----w c:\program files\Alwil Software
2009-05-18 16:11 . 2009-05-18 16:11 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-18 15:39 . 2009-05-18 15:39 57344 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-22dfa643-n\Decora-SSE.dll
2009-05-18 15:39 . 2009-05-18 15:39 24064 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-38aa17b0-n\Decora-D3D.dll
2009-05-18 15:39 . 2009-05-18 15:39 315392 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_awt.dll
2009-05-18 15:39 . 2009-05-18 15:39 114688 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-75fa4177-n\jogl_cg.dll
2009-05-18 15:39 . 2009-05-18 15:39 20480 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-1e47f442-n\gluegen-rt.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcp71.dll
2009-05-18 15:39 . 2009-05-18 15:39 499712 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\jmc.dll
2009-05-18 15:39 . 2009-05-18 15:39 348160 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5ec939ec-n\msvcr71.dll
2009-05-18 15:38 . 2009-05-18 15:38 152576 ----a-w c:\documents and settings\momma\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-17 19:50 . 2009-05-17 19:51 -------- d-----w C:\rsit
2009-05-15 18:06 . 2007-09-17 14:34 136528 ------w c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4397.2.4\radioupd.exe
2009-05-15 17:37 . 2009-05-15 17:37 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-05-15 17:35 . 2009-05-15 18:04 -------- d-----w c:\program files\AIM6
2009-05-10 19:43 . 2009-05-10 19:43 -------- d-----w c:\program files\Trend Micro
2009-05-09 14:14 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-09 14:14 . 2009-03-06 20:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-09 14:14 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-09 14:14 . 2009-05-18 16:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-09 14:14 . 2009-05-18 16:37 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-29 14:45 . 2009-04-29 14:45 688640 ----a-w c:\windows\system32\nsn1EB.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 07:30 . 2009-02-11 04:43 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 20:34 . 2008-07-17 03:46 -------- d-----w c:\program files\MSECache
2009-05-22 20:13 . 2007-05-10 16:37 -------- d-----w c:\program files\Google
2009-05-18 16:21 . 2007-08-16 19:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-18 16:08 . 2007-06-13 21:32 -------- d-----w c:\program files\Hewlett-Packard
2009-05-18 15:38 . 2009-04-09 22:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-18 15:38 . 2007-05-10 16:29 -------- d-----w c:\program files\Java
2009-05-15 17:37 . 2007-05-10 16:35 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-15 17:37 . 2007-05-10 16:34 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-05-13 00:40 . 2007-10-12 01:25 -------- d-----w c:\program files\CCleaner
2009-05-10 16:11 . 2007-10-12 00:50 -------- d-----w c:\documents and settings\momma\Application Data\SUPERAntiSpyware.com
2009-05-10 15:57 . 2008-05-19 05:28 -------- d-----w c:\documents and settings\All Users\Application Data\Outspark
2009-05-10 15:57 . 2008-05-19 05:20 -------- d-----w c:\program files\Outspark
2009-05-09 21:58 . 2008-11-05 14:52 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-08 20:31 . 2007-08-16 17:16 -------- d-----w c:\documents and settings\momma\Application Data\Apple Computer
2009-05-06 14:51 . 2007-09-10 21:18 1842 ----a-w c:\documents and settings\momma\Application Data\wklnhst.dat
2009-04-27 12:33 . 2008-05-11 01:00 710 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2009-04-22 16:28 . 2009-04-22 16:28 1915520 ----a-w c:\documents and settings\Guest\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-21 13:26 . 2009-02-12 22:57 -------- d-----w c:\program files\NOS
2009-04-21 13:23 . 2009-04-21 13:23 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-21 13:22 . 2007-06-30 05:31 -------- d-----w c:\program files\Common Files\Adobe
2009-04-17 01:08 . 2009-04-17 01:08 -------- d-----w c:\program files\AML Products
2009-04-15 04:16 . 2008-05-30 02:21 -------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-04-15 00:12 . 2009-04-15 00:12 0 ---ha-w c:\documents and settings\Guest\hpothb07.dat
2009-04-07 02:03 . 2009-04-07 02:02 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 02:03 . 2009-03-26 18:47 -------- d-----w c:\program files\iTunes
2009-04-07 02:02 . 2009-04-07 02:02 -------- d-----w c:\program files\iPod
2009-04-07 02:02 . 2007-08-16 17:15 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 01:56 . 2009-04-07 01:56 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-07 01:55 . 2009-04-07 01:55 -------- d-----w c:\program files\Safari
2009-04-01 20:05 . 2008-08-21 23:26 -------- d-----w c:\documents and settings\Guest\Application Data\OpenOffice.org2
2009-04-01 16:42 . 2008-07-08 14:22 -------- d-----w c:\program files\OpenOffice.org 2.4
2009-04-01 16:35 . 2008-09-25 10:46 -------- d-----w c:\documents and settings\momma\Application Data\OpenOffice.org2
2009-04-01 16:14 . 2009-04-01 16:14 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2006-09-19 19:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-10 17:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-26 18:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2007-09-23 14:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
.

------- Sigcheck -------

[7] 2004-08-04 10:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-11-28 20:35 507904 3969440BA384D35317DBBDEEAAE641CE c:\windows\system32\winlogon.exe

[7] 2004-08-04 10:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-11-28 20:35 295424 63999D0ABD8DABFD76A9C07F6E104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-18_17.05.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-26 22:59 . 2009-05-26 22:59 16384 c:\windows\temp\Perflib_Perfdata_504.dat
+ 2009-05-26 23:00 . 2009-05-26 23:00 16384 c:\windows\temp\Perflib_Perfdata_180.dat
+ 2004-08-10 17:51 . 2009-05-24 18:41 67838 c:\windows\system32\perfc009.dat
+ 2007-06-12 05:57 . 2009-05-27 07:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-12 05:57 . 2009-05-10 15:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-12 05:57 . 2009-05-27 07:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-06-12 05:57 . 2009-05-10 15:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-06-12 05:57 . 2009-05-27 07:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-06-12 05:57 . 2009-05-10 15:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-22 20:14 . 2009-05-22 20:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2009-05-23 20:35 . 2009-05-23 20:35 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2009-05-23 20:37 . 2009-05-23 20:37 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2003-07-15 02:57 . 2003-07-15 02:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\SEQCHK10.DLL
+ 2003-07-15 02:52 . 2003-07-15 02:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSOHTMED.EXE
+ 2004-08-10 17:51 . 2009-05-24 18:41 417164 c:\windows\system32\perfh009.dat
+ 2009-05-23 20:35 . 2009-05-23 20:35 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-05-03 16:09 . 2005-05-03 16:09 6864584 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\WORDVIEW.EXE
+ 2005-04-22 02:57 . 2005-04-22 02:57 12235968 c:\windows\Installer\$PatchCache$\Managed\9040580900063D11C8EF10054038389C\11.0.6506\MSO.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-05-10 26112]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-04-28 2045128]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-02-10 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-04-28 335048]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/9/2009 10:14 AM 130424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/24/2009 2:39 PM 114768]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/24/2009 2:41 PM 198224]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/24/2009 2:41 PM 31824]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/24/2009 2:41 PM 29776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2009 2:39 PM 20560]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [5/24/2009 2:41 PM 361672]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/11/2007 6:47 PM 24652]
S2 gupdate1c98c0362dbb048;Google Update Service (gupdate1c98c0362dbb048);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 12:44 AM 133104]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [5/24/2009 2:41 PM 3052744]
.
Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 20:03]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
FF - ProfilePath - c:\documents and settings\momma\Application Data\Mozilla\Firefox\Profiles\8dllqohr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 11:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(416)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(2676)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2256)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(4092)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-28 11:11
ComboFix-quarantined-files.txt 2009-05-28 15:11
ComboFix2.txt 2009-05-28 00:20
ComboFix3.txt 2009-05-26 23:08
ComboFix4.txt 2009-05-25 21:44
ComboFix5.txt 2009-05-28 00:46

Pre-Run: 97,667,198,976 bytes free
Post-Run: 97,644,888,064 bytes free

252 --- E O F --- 2009-05-13 07:02


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:28 AM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [Aim6] (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Stud')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9097 bytes
Sorry about the delay. Something came up yesterday. Here is the rest of what you needed.

I'm still getting crazy "compact Outlook" requests. Seems like more when the AV & FW are off, but I'm not sure.
Thanks
smurphie
Regular Member
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby turtledove » May 28th, 2009, 7:22 pm

Hello smurphie,
That's fine, thanks for the logs. :)

*Please Copy/Print instructions for reference*
First
Close all windows including the browser and start HijackThis.
Select Do a Scan Only. Place a check in the following lines:
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZCfox000
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)


Click Fix Checked. Close HijackThis.

Reboot Computer.

Second
Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus and Firewall software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.


Next
Please rerun HijackThis and scan, save new log.

Please Post
ESET log.txt
New HijackThis Scan log

Thank you
TD
turtledove
Retired Graduate
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Unread postby smurphie » May 28th, 2009, 9:52 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=88d8fd18006ea84e862cac5b47bc6914
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-05-29 01:43:59
# local_time=2009-05-28 09:43:59 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 37 100 100 25852031250
# compatibility_mode=6401 61 66 100 26499079386760
# scanned=74855
# found=80
# cleaned=0
# scan_time=2304
C:\Documents and Settings\All Users\Documents\My Music\30 seconds to mars acoustic - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\30 seconds to mars acoustic CD quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\nistor eb(Club MIX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\ziggy marley reggae.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\blood mood - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\blood mood extended live version.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\do it again beach boys.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\jimmy buffet license to chill.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\kinda kinky_ ursula 1000 - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\men at work - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\men at work live.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\reign u n k l 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\roud to rouen supergrass.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\Shontelle Ft Beanie Man - Naughty.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\_promised land_ mashek fashek - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\“ low c ” supergrass.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\“ no regrets death on [new single].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Win32/FunWeb application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\jtvgiwvd.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\wyjhenli.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0059100.EXE Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073154.dll Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073155.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073156.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073157.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073161.DLL Win32/FunWeb application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073162.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073164.SCR Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073166.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073167.EXE Win32/Adware.FunWeb application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073168.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073171.EXE Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073172.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073173.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073175.EXE Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073176.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073178.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073179.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073180.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073182.EXE Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073183.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073184.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073185.EXE Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073186.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073195.scr Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073225.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073226.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073227.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:26 PM, on 5/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8612 bytes
Ok.... here you go. Hope it helps. These are some pretty cool free programs. Thanks for all your help.
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm
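The ESET Online Scanner log above lists every hit as `<path> <detection> <type> <hash>`, and most of the 80 hits sit in ComboFix's Qoobox quarantine or in System Restore snapshots rather than on the live file system. The following triage script is an added example, not part of the thread or of ESET's tooling; it parses that line format and buckets each hit by location so a helper can see which findings still need action. The sample log lines are constructed from entries shown in the thread.

```python
"""Triage helper for ESET Online Scanner log lines (added example, not ESET code)."""
import re
from collections import Counter

# Detection-type words ESET prints after the detection name. The longest
# alternative comes first so the alternation does not stop early on "application".
KINDS = r"potentially unwanted application|application|trojan|virus|worm"

# <path> <detection> <kind> <32-hex hash>. Paths contain spaces, so the path
# group is lazy and the match is anchored on the trailing fixed fields instead.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?\S+)\s+"
    r"(?P<kind>" + KINDS + r")\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s*$"
)


def parse_line(line):
    """Return the fields of one detection line, or None for header/other lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(path):
    """Bucket a hit by where it lives.

    Files under ComboFix's Qoobox quarantine (renamed .vir) and inside System
    Restore snapshots cannot run on their own, so they rank below live files.
    """
    lowered = path.lower()
    if "\\qoobox\\quarantine\\" in lowered:
        return "quarantined"
    if "\\system volume information\\_restore" in lowered:
        return "restore_point"
    return "live"


def strip_variant(detection):
    """'a variant of WMA/X.gen' -> 'WMA/X.gen' so variants count with their family."""
    return detection.replace("a variant of ", "", 1)


def triage(log_text):
    """Summarise a whole log: hits per location bucket, hits per detection name,
    and the live paths (not quarantined, not in a restore point) to act on."""
    by_bucket = Counter()
    by_detection = Counter()
    live_paths = []
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue  # "# found=80" style header lines and blanks
        bucket = classify(hit["path"])
        by_bucket[bucket] += 1
        by_detection[strip_variant(hit["detection"])] += 1
        if bucket == "live":
            live_paths.append(hit["path"])
    return {
        "by_bucket": dict(by_bucket),
        "by_detection": dict(by_detection),
        "live_paths": live_paths,
    }


# Constructed sample: a header line and four entries in the format seen in the thread.
SAMPLE_LOG = r"""
# scanned=74855
# found=80
# cleaned=0
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\men at work live.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073161.DLL Win32/FunWeb application 00000000000000000000000000000000
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("hits by location:", summary["by_bucket"])
    print("hits by detection:", summary["by_detection"])
    for path in summary["live_paths"]:
        print("live:", path)
```

Run it against a saved `log.txt` by reading the file into `triage()`; entries in the `live` bucket are the ones a helper would address, the other two are already inert.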

Re: Yoog Removal

Unread postby turtledove » May 29th, 2009, 12:51 am

Hello smurphie,

Thanks for the logs. Good job so far. You're welcome. :)

*Please copy/Print these instructions for reference*
First
*Note change in instruction here* in red

Rerun Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus and Firewall software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.


Second

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Post
ESET log.txt
MBAM Scan
A new HijackThis log
Any issues you still have and how the computer is running

Thank you

TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Yoog Removal

Unread postby smurphie » May 31st, 2009, 11:35 pm

TD..... Sorry for the delayed response. This step was a bit time consuming. Work happened to be busy the past couple of days & my son graduates High School on Wed. I've been running like the proverbial chicken. I finally had the time to do the downloads & run the programs. The MBAM scan took an hour and a half alone. So my apologies. I hope you haven't given up on me. Here are the logs......

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=88d8fd18006ea84e862cac5b47bc6914
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-05-29 01:43:59
# local_time=2009-05-28 09:43:59 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 37 100 100 25852031250
# compatibility_mode=6401 61 66 100 26499079386760
# scanned=74855
# found=80
# cleaned=0
# scan_time=2304
C:\Documents and Settings\All Users\Documents\My Music\30 seconds to mars acoustic - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\30 seconds to mars acoustic CD quality.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\nistor eb(Club MIX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\ziggy marley reggae.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\blood mood - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\blood mood extended live version.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\do it again beach boys.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\jimmy buffet license to chill.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\kinda kinky_ ursula 1000 - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\men at work - bonus track.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\men at work live.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\reign u n k l 2009.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\roud to rouen supergrass.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\Shontelle Ft Beanie Man - Naughty.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\_promised land_ mashek fashek - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\“ low c ” supergrass.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\“ no regrets death on [new single].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Win32/FunWeb application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Win32/Adware.FunWeb application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.bak1.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.tmp.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\jtvgiwvd.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\wyjhenli.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0059100.EXE Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073154.dll Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073155.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073156.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073157.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073161.DLL Win32/FunWeb application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073162.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073164.SCR Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073166.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073167.EXE Win32/Adware.FunWeb application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073168.DLL Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073171.EXE

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073172.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073173.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073175.EXE

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073176.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073178.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073179.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073180.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073182.EXE

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073183.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073184.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073185.EXE

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073186.DLL

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073195.scr

Win32/Toolbar.MyWebSearch application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073225.ini

Win32/Adware.Virtumonde.NEO application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073226.ini

Win32/Adware.Virtumonde.NEO application

00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33

-4BCA-9586-051D24DDBF8F}\RP470\A0073227.ini

Win32/Adware.Virtumonde.NEO application

00000000000000000000000000000000
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=88d8fd18006ea84e862cac5b47bc6914
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-05-31 02:37:28
# local_time=2009-05-31 10:37:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 21 100 100 629532031250
# compatibility_mode=6401 61 66 100 28691167507500
# scanned=74777
# found=81
# cleaned=81
# scan_time=2426
C:\Documents and Settings\All Users\Documents\My Music\30 seconds to mars acoustic - greatest hits.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\30 seconds to mars acoustic CD quality.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\nistor eb(Club MIX).mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\All Users\Documents\My Music\ziggy marley reggae.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\blood mood - greatest hits.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\blood mood extended live version.snd	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\do it again beach boys.wma	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\jimmy buffet license to chill.wma	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\kinda kinky_ ursula 1000 - greatest hits.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\men at work - bonus track.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\men at work live.snd	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\reign u n k l 2009.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\roud to rouen supergrass.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\Shontelle Ft Beanie Man - Naughty.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\_promised land_ mashek fashek - greatest hits.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\“ low c ” supergrass.mp3	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Documents and Settings\momma\My Documents\LimeWire\Saved\“ no regrets death on [new single].au	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	00000000000000000000000000000000
C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir	Win32/FunWeb application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir	Win32/Adware.FunWeb application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.bak1.vir	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.bak2.vir	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini.vir	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.ini2.vir	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\cccdd.tmp.vir	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\jtvgiwvd.ini.vir	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\wyjhenli.ini.vir	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0059100.EXE	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073154.dll	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073155.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073156.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073157.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073161.DLL	Win32/FunWeb application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073162.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073164.SCR	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073166.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073167.EXE	Win32/Adware.FunWeb application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073168.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073171.EXE	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073172.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073173.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073175.EXE	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073176.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073178.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073179.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073180.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073182.EXE	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073183.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073184.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073185.EXE	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073186.DLL	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073195.scr	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073225.ini	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073226.ini	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP470\A0073227.ini	Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined)	00000000000000000000000000000000
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP481\A0074528.dll	Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)	00000000000000000000000000000000



Malwarebytes' Anti-Malware 1.37
Database version: 2201
Windows 5.1.2600 Service Pack 3

5/31/2009 11:28:23 PM
mbam-log-2009-05-31 (23-28-23).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 179666
Time elapsed: 1 hour(s), 36 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 106
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\momma\Desktop\epic swell\Desktop\CursorManiaSetup2.3.50.21.ZCfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\documents and settings\momma\my documents\SmileyCentralPFSetup2.2.60.11-2.ZNfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP452\A0059144.exe (Adware.TrueAds) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP452\A0059286.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:35 PM, on 5/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=6070510
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [Aim6] (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1006\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Stud')
O4 - HKUS\S-1-5-21-1450584279-1723378454-3865011881-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98c0362dbb048) (gupdate1c98c0362dbb048) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9691 bytes


Yoog is gone & the computer seems to be running much better. However, I still get that damned email compact files notice from Outlook as long as I have it open...

Thanks so much,
Kathy
smurphie
Regular Member
 
Posts: 22
Joined: May 10th, 2009, 3:47 pm

Re: Yoog Removal

Unread postby turtledove » June 1st, 2009, 1:31 am

Thank you smurphie, understand the delay. No problem. Work was busier for me as well today.
Be back asap with further instructions.
:)
TD
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California